Win64/patched.a.gen trojan and sirefef

Solved
By Ioana
Jun 20, 2012
  1. Ioana

    Ioana Newcomer, in training Topic Starter Posts: 40

    and part 2

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{4BDD17A2-5F17-283C-33DF-2C05003F72F3}]
    2009-07-14 01:1673728----a-w-c:\windows\SysWOW64\shpaffact.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5C7704B2-119B-5A3B-6CFF-30F40C59173C}]
    2009-07-14 01:1573728----a-w-c:\windows\SysWOW64\BWContexxtHandler.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
    2011-05-09 08:49176936----a-w-c:\program files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-09 738168]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
    "Airytec Switch Off"="c:\program files\Airytec\Switch Off\swoff.exe" [2010-10-31 179712]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-01 98304]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    R2 HP-MPI SMPID;HP-MPI Remote Launch;c:\program files (x86)\Hewlett-Packard\HP-MPI\sbin\HPMPIWin32Service.exe [2009-06-04 367616]
    R2 MBAMService;MBAMService;e:\malwarebytes' anti-malware\mbamservice.exe [x]
    R2 SwOffScheduler;Airytec Switch Off - Task Scheduler;c:\program files\Airytec\Switch Off\swoff.exe [2010-10-31 179712]
    R2 SwOffWeb;Airytec Switch Off - Web Interface;c:\program files\Airytec\Switch Off\swoff.exe [2010-10-31 179712]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 253600]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-10-05 87336]
    R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-06-09 1431888]
    R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
    R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
    R4 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 ANSYS, Inc. License Manager;ANSYS, Inc. License Manager;c:\program files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe [2010-09-20 4390912]
    S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
    S2 iprip;RIP Listener;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 NfsClnt;Client for NFS;c:\windows\system32\nfsclnt.exe [x]
    S2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [2010-01-14 330488]
    S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
    S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
    S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 NfsRdr;Client for NFS Redirector;c:\windows\system32\drivers\nfsrdr.sys [x]
    S3 PsxDrv;PsxDrv;c:\windows\system32\drivers\psxdrv.sys [x]
    S3 RpcXdr;Server for NFS Open RPC (ONCRPC);c:\windows\system32\drivers\rpcxdr.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcsREG_MULTI_SZ w3svc was
    apphostREG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 08:07]
    .
    2012-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2313506185-3105949007-605300772-1000Core.job
    - c:\users\Ioana\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-02 12:58]
    .
    2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2313506185-3105949007-605300772-1000UA.job
    - c:\users\Ioana\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-02 12:58]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-08-02 726640]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
    "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyServer = cache.utcluj.ro:3128
    uInternet Settings,ProxyOverride = *.local;<local>
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.0.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-10 - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-06-21 06:02:51
    ComboFix-quarantined-files.txt 2012-06-21 03:02
    ComboFix2.txt 2012-06-21 02:30
    ComboFix3.txt 2012-02-15 02:14
    .
    Pre-Run: 48.757.981.184 bytes free
    Post-Run: 48.704.167.936 bytes free
    .
    - - End Of File - - 7B90EA2E3E58D493D8A281B4711AB31E
  2. Broni

    Broni Malware Annihilator Posts: 46,173   +251

    Looks good.

    How is computer doing?

    Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ============================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  3. Ioana

    Ioana Newcomer, in training Topic Starter Posts: 40

    I'm glad...I was quite scared of all those "impossible to clean". the computer is oki.... :) I'll tell you more when it restarts again
  4. Ioana

    Ioana Newcomer, in training Topic Starter Posts: 40

    mbam log


    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.04.08

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Ioana :: IOANA-PC [administrator]

    Protection: Disabled

    21.06.2012 06:18:52
    mbam-log-2012-06-21 (06-18-52).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 233293
    Time elapsed: 2 minute(s), 46 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
  5. Ioana

    Ioana Newcomer, in training Topic Starter Posts: 40

    should I restart if nothing was found? I mean before downloading the next
  6. Broni

    Broni Malware Annihilator Posts: 46,173   +251

  7. Ioana

    Ioana Newcomer, in training Topic Starter Posts: 40

    aswMBR log

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-06-21 06:25:42
    -----------------------------
    06:25:42.499 OS Version: Windows x64 6.1.7600
    06:25:42.500 Number of processors: 8 586 0x1E05
    06:25:42.500 ComputerName: IOANA-PC UserName: Ioana
    06:25:43.202 Initialize success
    06:26:17.250 AVAST engine defs: 12062001
    06:26:24.568 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    06:26:24.573 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
    06:26:24.583 Disk 0 MBR read successfully
    06:26:24.589 Disk 0 MBR scan
    06:26:24.599 Disk 0 Windows 7 default MBR code
    06:26:24.607 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 102400 MB offset 2048
    06:26:24.628 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152400 MB offset 209717248
    06:26:24.652 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 521832448
    06:26:24.665 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 222038 MB offset 522037248
    06:26:24.712 Disk 0 scanning C:\Windows\system32\drivers
    06:26:36.643 Service scanning
    06:27:40.629 Modules scanning
    06:27:40.651 Disk 0 trace - called modules:
    06:27:41.006 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys iaStor.sys hal.dll
    06:27:41.018 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004dff060]
    06:27:41.028 3 CLASSPNP.SYS[fffff88001ad143f] -> nt!IofCallDriver -> [0xfffffa8004c7da90]
    06:27:41.036 5 stdcfltn.sys[fffff8800164bc52] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004ad4050]
    06:27:41.955 AVAST engine scan C:\Windows
    06:27:47.748 AVAST engine scan C:\Windows\system32
    06:30:09.919 AVAST engine scan C:\Windows\system32\drivers
    06:30:22.151 AVAST engine scan C:\Users\Ioana
    06:34:48.511 AVAST engine scan C:\ProgramData
    06:36:17.012 Scan finished successfully
    06:37:21.790 Disk 0 MBR has been saved successfully to "C:\Users\Ioana\Desktop\MBR.dat"
    06:37:21.799 The log file has been saved successfully to "C:\Users\Ioana\Desktop\aswMBR.txt"
  8. Broni

    Broni Malware Annihilator Posts: 46,173   +251

    Looks good :)

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  9. Ioana

    Ioana Newcomer, in training Topic Starter Posts: 40

    otl.txt 1

    OTL logfile created on: 21.06.2012 06:57:49 - Run 1
    OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Ioana\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

    3,93 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 45,37% Memory free
    7,87 Gb Paging File | 5,55 Gb Available in Paging File | 70,59% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 100,00 Gb Total Space | 45,30 Gb Free Space | 45,30% Space Free | Partition Type: NTFS
    Drive D: | 148,83 Gb Total Space | 125,62 Gb Free Space | 84,41% Space Free | Partition Type: NTFS
    Drive E: | 216,83 Gb Total Space | 98,99 Gb Free Space | 45,65% Space Free | Partition Type: NTFS

    Computer Name: IOANA-PC | User Name: Ioana | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012.06.21 06:54:58 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Ioana\Desktop\OTL.exe
    PRC - [2012.02.13 11:06:56 | 003,481,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    PRC - [2012.01.03 16:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011.09.22 13:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    PRC - [2010.08.02 12:55:38 | 000,726,640 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    PRC - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010.02.17 02:30:48 | 005,244,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    PRC - [2010.01.14 07:30:16 | 000,330,488 | ---- | M] (QUALCOMM, Inc.) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe
    PRC - [2009.09.30 20:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009.09.30 20:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [1998.08.13 09:28:02 | 000,025,600 | ---- | M] (Hummingbird Communications Ltd.) -- C:\Windows\SysWOW64\Hummbird\inetd32.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012.06.07 11:14:43 | 000,441,880 | ---- | M] () -- C:\Users\Ioana\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
    MOD - [2012.06.07 11:14:42 | 003,922,456 | ---- | M] () -- C:\Users\Ioana\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
    MOD - [2012.06.07 11:13:27 | 000,553,496 | ---- | M] () -- C:\Users\Ioana\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
    MOD - [2012.06.07 11:13:26 | 000,117,784 | ---- | M] () -- C:\Users\Ioana\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
    MOD - [2012.06.07 11:13:16 | 000,134,696 | ---- | M] () -- C:\Users\Ioana\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
    MOD - [2012.06.07 11:13:15 | 000,250,408 | ---- | M] () -- C:\Users\Ioana\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
    MOD - [2012.06.07 11:13:14 | 002,375,720 | ---- | M] () -- C:\Users\Ioana\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
    MOD - [2012.06.07 10:23:19 | 009,252,040 | ---- | M] () -- C:\Users\Ioana\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
    MOD - [2010.08.02 12:55:38 | 000,726,640 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    MOD - [2010.02.17 02:30:46 | 000,929,792 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011.09.22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
    SRV:64bit: - [2011.06.09 12:57:03 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2010.10.31 21:37:52 | 000,179,712 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffWeb)
    SRV:64bit: - [2010.10.31 21:37:52 | 000,179,712 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffScheduler)
    SRV:64bit: - [2010.10.05 08:07:08 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
    SRV:64bit: - [2010.09.20 23:20:59 | 004,390,912 | ---- | M] (ANSYS, Inc.) [Auto | Running] -- C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe -- (ANSYS, Inc. License Manager)
    SRV:64bit: - [2010.06.01 22:30:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010.01.21 04:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2009.07.17 09:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
    SRV:64bit: - [2009.07.14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009.07.14 04:41:10 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\iprip.dll -- (iprip)
    SRV:64bit: - [2009.07.14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009.07.14 04:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
    SRV:64bit: - [2009.07.14 04:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
    SRV:64bit: - [2009.07.14 04:39:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
    SRV:64bit: - [2009.07.14 04:39:21 | 000,065,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nfsclnt.exe -- (NfsClnt)
    SRV:64bit: - [2009.07.14 04:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
    SRV:64bit: - [2009.07.01 18:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2009.03.03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
    SRV - [2012.04.03 11:07:17 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012.01.03 16:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011.06.09 13:48:42 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011.06.09 13:41:33 | 000,079,360 | ---- | M] (SolidWorks) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
    SRV - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2010.01.21 04:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe -- (STacSV)
    SRV - [2010.01.14 07:30:16 | 000,330,488 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe -- (QDLService2kDell) Qualcomm Gobi 2000 Download Service (Dell)
    SRV - [2009.11.26 11:53:44 | 000,447,488 | R--- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe -- (WMCoreService)
    SRV - [2009.09.30 20:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2009.09.30 20:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009.07.14 04:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2009.07.14 04:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2009.07.14 04:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2009.07.14 04:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
    SRV - [2009.07.14 04:14:39 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
    SRV - [2009.06.11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009.06.04 15:47:48 | 000,367,616 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP-MPI\sbin\hpmpiwin32service.exe -- (HP-MPI SMPID)
    SRV - [2009.03.03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
    SRV - [2009.02.10 19:01:49 | 000,116,104 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
    SRV - [1998.08.13 09:28:02 | 000,025,600 | ---- | M] (Hummingbird Communications Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\Hummbird\inetd32.exe -- (HCLInetd)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
    DRV:64bit: - [2012.04.05 10:21:15 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011.08.09 15:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
    DRV:64bit: - [2011.08.04 10:20:38 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
    DRV:64bit: - [2011.08.04 10:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2011.08.04 10:20:38 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
    DRV:64bit: - [2011.08.04 10:20:38 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
    DRV:64bit: - [2010.07.09 10:42:16 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
    DRV:64bit: - [2010.07.09 10:42:08 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
    DRV:64bit: - [2010.06.01 22:50:28 | 006,857,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010.06.01 21:42:48 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010.05.06 05:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2010.03.03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010.01.21 04:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009.10.12 19:00:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009.08.21 00:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009.07.17 09:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV:64bit: - [2009.07.14 04:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009.07.14 04:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009.07.14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009.07.14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009.07.14 04:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009.07.14 04:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2009.07.14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009.07.14 03:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
    DRV:64bit: - [2009.07.14 02:35:55 | 000,010,240 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psxdrv.sys -- (PsxDrv)
    DRV:64bit: - [2009.07.14 02:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009.07.14 02:24:45 | 000,104,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rpcxdr.sys -- (RpcXdr)
    DRV:64bit: - [2009.07.14 02:24:23 | 000,262,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\nfsrdr.sys -- (NfsRdr)
    DRV:64bit: - [2009.07.08 00:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009.07.04 19:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
    DRV:64bit: - [2009.07.02 22:26:34 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2009.07.02 22:26:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2009.07.02 22:26:34 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2009.07.02 22:26:34 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2009.07.02 08:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
    DRV:64bit: - [2009.07.01 18:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
    DRV:64bit: - [2009.06.10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009.06.10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009.06.10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009.06.10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009.07.14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2737658


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    IE - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\..\SearchScopes\{11A24597-D231-4A5F-925E-AB4D09094BF4}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=D6FC9E7C-7EEE-4578-BE99-3DC2C315E7E4
    IE - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
    IE - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
    IE - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2737658
    IE - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
    IE - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = cache.utcluj.ro:3128

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Search Results"
    FF - prefs.js..browser.search.order.1: "Search Results"
    FF - prefs.js..browser.search.selectedEngine: "Search Results"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q="
    FF - prefs.js..network.proxy.backup.ftp: "cache.utcluj.ro"
    FF - prefs.js..network.proxy.backup.ftp_port: 3128
    FF - prefs.js..network.proxy.backup.socks: "cache.utcluj.ro"
    FF - prefs.js..network.proxy.backup.socks_port: 3128
    FF - prefs.js..network.proxy.backup.ssl: "cache.utcluj.ro"
    FF - prefs.js..network.proxy.backup.ssl_port: 3128
    FF - prefs.js..network.proxy.ftp: "cache.utcluj.ro"
    FF - prefs.js..network.proxy.ftp_port: 3128
    FF - prefs.js..network.proxy.http: "cache.utcluj.ro"
    FF - prefs.js..network.proxy.http_port: 3128
    FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, .utcluj.ro, 192.168.0.1"
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "cache.utcluj.ro"
    FF - prefs.js..network.proxy.socks_port: 3128
    FF - prefs.js..network.proxy.ssl: "cache.utcluj.ro"
    FF - prefs.js..network.proxy.ssl_port: 3128
    FF - prefs.js..network.proxy.type: 0


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ioana\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ioana\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012.02.15 01:59:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012.02.15 01:59:15 | 000,000,000 | ---D | M]

    [2011.12.11 11:08:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ioana\AppData\Roaming\Mozilla\Extensions
    [2012.01.06 01:18:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ioana\AppData\Roaming\Mozilla\Firefox\Profiles\lrb0uioz.default\extensions
    [2011.09.13 10:10:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Ioana\AppData\Roaming\Mozilla\Firefox\Profiles\lrb0uioz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011.09.13 10:11:34 | 000,002,396 | ---- | M] () -- C:\Users\Ioana\AppData\Roaming\Mozilla\Firefox\Profiles\lrb0uioz.default\searchplugins\askcom.xml
    [2011.04.07 00:53:20 | 000,002,059 | ---- | M] () -- C:\Users\Ioana\AppData\Roaming\Mozilla\Firefox\Profiles\lrb0uioz.default\searchplugins\daemon-search.xml
    [2011.12.10 18:45:47 | 000,002,519 | ---- | M] () -- C:\Users\Ioana\AppData\Roaming\Mozilla\Firefox\Profiles\lrb0uioz.default\searchplugins\Search_Results.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
    CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/complete/search?q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Ioana\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Ioana\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ioana\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ioana\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Users\Ioana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.115_0\npqscan.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Ioana\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - Extension: Fast save = C:\Users\Ioana\AppData\Local\Google\Chrome\User Data\Default\Extensions\camneihmgahaliekdppnjolhagegoegh\1.1_0\
    CHR - Extension: Love Smoke = C:\Users\Ioana\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgibfhhccaknggplelmbaepoikkcnllb\1_0\
    CHR - Extension: Bitdefender QuickScan = C:\Users\Ioana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.115_0\

    O1 HOSTS File: ([2012.06.21 06:00:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {4BDD17A2-5F17-283C-33DF-2C05003F72F3} - C:\Windows\SysWOW64\shpaffact.dll ()
    O2 - BHO: (Groove GFS Browser Helper) - {5C7704B2-119B-5A3B-6CFF-30F40C59173C} - C:\Windows\SysWOW64\BWContexxtHandler.dll ()
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
    O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
    O3 - HKLM\..\Toolbar: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
    O3 - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\..\Toolbar\WebBrowser: (FreeOnlineRadioPlayerRecorder Toolbar) - {F999A48B-1950-4D81-9971-79018F807B4B} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
    O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
    O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-2313506185-3105949007-605300772-1000..\Run: [Airytec Switch Off] C:\Program Files\Airytec\Switch Off\swoff.exe (Airytec)
    O4 - HKU\S-1-5-21-2313506185-3105949007-605300772-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-2313506185-3105949007-605300772-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2313506185-3105949007-605300772-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46035EEC-3169-4C24-B31E-64922F33E94D}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89CFF7F2-7277-460B-A168-D29BFC9A1F8B}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012.03.07 13:07:44 | 000,000,000 | R--D | M] - D:\Autodesk AutoCAD 2010 [64-bit] -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012.06.21 13:40:52 | 000,000,000 | ---D | C] -- C:\FRST
    [2012.06.21 06:54:52 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Ioana\Desktop\OTL.exe
    [2012.06.21 06:18:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012.06.21 06:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012.06.21 06:13:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012.06.21 04:33:26 | 004,563,905 | R--- | C] (Swearware) -- C:\Users\Ioana\Desktop\ComboFix.exe
    [2012.06.21 03:59:17 | 000,000,000 | ---D | C] -- C:\Users\Ioana\AppData\Roaming\Specialbit
    [2012.06.21 00:33:01 | 000,000,000 | ---D | C] -- C:\Users\Ioana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haunted Hotel 4 - Charles Dexter Ward Collector's Edition
    [2012.06.21 00:23:00 | 000,000,000 | ---D | C] -- C:\Windows\Haunted Hotel 4 - Charles Dexter Ward Collector's Edition
    [2012.06.21 00:12:36 | 000,000,000 | ---D | C] -- C:\sh4ldr
    [2012.06.21 00:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2012.06.21 00:06:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2012.06.19 00:26:13 | 000,000,000 | ---D | C] -- C:\Users\Ioana\AppData\Roaming\Mad Head Games
    [2012.06.18 09:59:33 | 000,000,000 | ---D | C] -- C:\Users\Ioana\AppData\Roaming\AlawarEntertainment
    [2012.06.12 23:56:48 | 000,000,000 | ---D | C] -- C:\Users\Ioana\AppData\Roaming\World-LooM
    [2012.06.08 10:12:02 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012.06.08 10:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
    [2012.06.08 10:05:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared
    [2012.06.08 10:02:57 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD 2010
    [2012.06.05 11:37:18 | 000,000,000 | ---D | C] -- C:\Users\Ioana\Desktop\Luca
    [2012.06.01 11:26:15 | 000,000,000 | ---D | C] -- C:\Users\Ioana\AppData\Roaming\Artogon
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012.06.21 06:54:58 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Ioana\Desktop\OTL.exe
    [2012.06.21 06:37:21 | 000,000,512 | ---- | M] () -- C:\Users\Ioana\Desktop\MBR.dat
    [2012.06.21 06:18:04 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012.06.21 06:13:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2313506185-3105949007-605300772-1000UA.job
    [2012.06.21 06:09:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012.06.21 06:00:38 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012.06.21 05:42:53 | 000,165,376 | ---- | M] () -- C:\Users\Ioana\Desktop\SystemLook_x64.exe
    [2012.06.21 05:38:43 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012.06.21 05:38:43 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012.06.21 05:12:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012.06.21 05:11:57 | 3168,165,888 | -HS- | M] () -- C:\hiberfil.sys
    [2012.06.21 04:33:51 | 004,563,905 | R--- | M] (Swearware) -- C:\Users\Ioana\Desktop\ComboFix.exe
    [2012.06.21 01:00:46 | 002,436,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012.06.21 00:33:01 | 000,000,948 | ---- | M] () -- C:\Users\Ioana\Desktop\Haunted Hotel 4 - Charles Dexter Ward Collector's Edition.lnk
    [2012.06.20 12:22:14 | 000,251,897 | ---- | M] () -- C:\Users\Ioana\Desktop\16062012428.jpg
    [2012.06.20 12:18:56 | 000,250,736 | ---- | M] () -- C:\Users\Ioana\Desktop\16062012427.jpg
    [2012.06.20 12:17:39 | 000,261,054 | ---- | M] () -- C:\Users\Ioana\Desktop\16062012425.jpg
    [2012.06.19 12:14:39 | 000,839,752 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012.06.19 12:14:39 | 000,705,596 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012.06.19 12:14:39 | 000,135,646 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012.06.12 11:10:21 | 001,262,536 | ---- | M] () -- C:\Users\Ioana\Desktop\Tolerante si Control Dimensional - Curs - Pater.pdf
    [2012.06.08 10:58:46 | 000,000,173 | ---- | M] () -- C:\Users\Ioana\Documents\acad.err
    [2012.06.08 10:05:54 | 000,001,907 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2010 - English.lnk
    [2012.06.07 16:53:14 | 000,000,000 | ---- | M] () -- C:\Users\Ioana\AppData\Local\Temptable.xml
    [2012.06.07 12:13:54 | 000,011,116 | ---- | M] () -- C:\Users\Ioana\Desktop\Tranzactii_pe_perioada.pdf
    [2012.06.03 03:13:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2313506185-3105949007-605300772-1000Core.job
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========
  10. Ioana

    Ioana Newcomer, in training Topic Starter Posts: 40

    otl.txt 2

    ========== Files Created - No Company Name ==========

    [2012.06.21 06:37:21 | 000,000,512 | ---- | C] () -- C:\Users\Ioana\Desktop\MBR.dat
    [2012.06.21 06:18:04 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012.06.21 05:42:52 | 000,165,376 | ---- | C] () -- C:\Users\Ioana\Desktop\SystemLook_x64.exe
    [2012.06.21 00:33:01 | 000,000,948 | ---- | C] () -- C:\Users\Ioana\Desktop\Haunted Hotel 4 - Charles Dexter Ward Collector's Edition.lnk
    [2012.06.20 12:18:47 | 000,250,736 | ---- | C] () -- C:\Users\Ioana\Desktop\16062012427.jpg
    [2012.06.20 12:17:24 | 000,261,054 | ---- | C] () -- C:\Users\Ioana\Desktop\16062012425.jpg
    [2012.06.20 12:15:49 | 000,251,897 | ---- | C] () -- C:\Users\Ioana\Desktop\16062012428.jpg
    [2012.06.12 11:10:21 | 001,262,536 | ---- | C] () -- C:\Users\Ioana\Desktop\Tolerante si Control Dimensional - Curs - Pater.pdf
    [2012.06.08 10:58:46 | 000,000,173 | ---- | C] () -- C:\Users\Ioana\Documents\acad.err
    [2012.06.08 10:05:54 | 000,001,907 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2010 - English.lnk
    [2012.06.07 12:13:54 | 000,011,116 | ---- | C] () -- C:\Users\Ioana\Desktop\Tranzactii_pe_perioada.pdf
    [2012.02.15 04:58:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012.02.15 04:58:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012.02.15 04:58:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012.02.15 04:58:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012.02.15 04:58:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012.02.08 15:18:13 | 000,007,599 | ---- | C] () -- C:\Users\Ioana\AppData\Local\Resmon.ResmonCfg
    [2012.02.08 00:09:40 | 000,017,408 | ---- | C] () -- C:\Users\Ioana\AppData\Local\WebpageIcons.db
    [2011.10.17 13:50:12 | 000,852,774 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011.06.14 02:47:34 | 000,000,000 | ---- | C] () -- C:\Users\Ioana\AppData\Local\Temptable.xml
    [2011.06.13 00:02:36 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2011.06.09 13:11:54 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
    [2011.06.07 09:06:59 | 000,001,698 | ---- | C] () -- C:\Windows\wincmd.ini
    [2011.04.07 00:24:42 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\d33dx9_31.dll
    [2011.04.06 17:23:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011.04.06 17:20:21 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

    ========== LOP Check ==========

    [2012.05.06 15:02:00 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ESET
    [2011.04.13 00:04:53 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Airytec
    [2012.06.18 09:59:33 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\AlawarEntertainment
    [2012.01.09 22:14:19 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Amaranth Games
    [2012.03.22 14:37:47 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Ansys
    [2012.03.31 22:15:54 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Arkadium
    [2012.06.05 23:33:04 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Artifex Mundi
    [2012.06.01 11:26:15 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Artogon
    [2011.06.09 13:59:15 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Autodesk
    [2012.01.02 01:54:44 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Big Fish Games
    [2011.11.15 23:14:32 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\BlamGames
    [2012.05.28 23:16:32 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Blue Tea Games
    [2011.07.15 21:02:36 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Boolat Games
    [2012.05.25 00:01:12 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Boomzap
    [2011.05.25 00:47:17 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\BSplayer
    [2011.04.23 01:23:15 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\BSplayer Pro
    [2011.09.14 10:05:37 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Canneverbe Limited
    [2011.07.12 00:51:25 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Canon
    [2012.04.22 19:20:23 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\DAEMON Tools Lite
    [2011.10.17 12:10:08 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\DAEMON Tools Pro
    [2012.05.11 01:08:36 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\DailyMagic
    [2012.04.20 08:31:01 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Dark Blue Games
    [2011.06.09 14:49:16 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\DassaultSystemes
    [2011.11.25 12:59:04 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\DieselPuppet
    [2012.01.24 18:47:56 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\EleFun Games
    [2012.04.22 23:18:15 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Elephant Games
    [2012.04.18 23:53:06 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\EntwinedSoD
    [2012.06.19 14:09:06 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\ERS Game Studios
    [2012.02.15 02:00:12 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\ESET
    [2011.06.07 09:28:32 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Fluent.Inc
    [2012.02.07 14:08:28 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\FlyWheelGames
    [2012.05.03 13:11:02 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Free Online Radio Player Recorder
    [2012.03.21 22:11:35 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Friday's games
    [2012.02.20 16:44:09 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Frogwares
    [2011.10.12 22:16:13 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Funswitch
    [2012.06.15 11:20:10 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Fuzzy Bug Interactive
    [2012.03.23 13:59:42 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\GameInvest
    [2012.02.18 20:18:17 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Gamers Digital
    [2011.04.06 23:14:14 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\GetRightToGo
    [2011.07.22 22:40:15 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Gogii
    [2011.07.16 14:30:42 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\IntrigueIncRavensFlightStrategyGuide
    [2012.04.06 08:44:55 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Launcher
    [2012.06.19 00:26:13 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Mad Head Games
    [2011.12.03 20:04:42 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Merscom
    [2012.02.29 13:29:06 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\MumboJumbo
    [2012.04.19 14:08:35 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Music Editor Free
    [2011.10.06 22:54:00 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Mystery of Mortlake Mansion
    [2011.10.24 00:08:07 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Namco
    [2012.05.15 22:56:16 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Orneon
    [2011.04.07 10:22:31 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\PCDr
    [2012.01.08 00:12:02 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\PlayFirst
    [2012.06.18 15:33:36 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\QuickScan
    [2012.03.01 14:35:12 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\ShamanGS
    [2011.07.15 21:00:43 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Skunk Studios
    [2012.02.12 17:54:57 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Smart PDF Creator
    [2012.06.21 03:59:17 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Specialbit
    [2012.05.20 23:11:43 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\SpinTop Games
    [2011.11.29 16:29:29 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\SultanofPersia
    [2011.07.10 13:11:46 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\SulusGames
    [2012.05.18 11:16:59 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\tabagames
    [2012.01.09 17:30:30 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Top Evidence
    [2011.10.05 16:36:46 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Urban Legends The Maze Strategy Guide
    [2012.06.21 05:35:45 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\uTorrent
    [2012.04.01 23:20:09 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Vast Studios
    [2011.07.15 21:05:56 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\VendelGAMES
    [2012.06.14 13:42:09 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\Vogat Interactive
    [2011.04.06 17:23:54 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\WirelessManager
    [2011.04.06 17:24:04 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\WMCore
    [2012.06.12 23:56:48 | 000,000,000 | ---D | M] -- C:\Users\Ioana\AppData\Roaming\World-LooM
    [2012.06.21 02:28:56 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2012.06.21 06:02:51 | 000,019,879 | ---- | M] () -- C:\ComboFix.txt
    [2011.04.12 09:40:04 | 000,009,154 | ---- | M] () -- C:\debug1214.txt
    [2011.06.24 12:19:19 | 000,000,032 | ---- | M] () -- C:\gambit.fnl
    [2012.06.21 05:11:57 | 3168,165,888 | -HS- | M] () -- C:\hiberfil.sys
    [2012.06.21 05:12:00 | 4224,225,280 | -HS- | M] () -- C:\pagefile.sys
    [2012.06.20 23:47:57 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_20.06.2012_23.47.54_log.txt
    [2012.06.20 23:51:18 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_20.06.2012_23.51.10_log.txt
    [2012.06.20 23:55:08 | 000,271,838 | ---- | M] () -- C:\TDSSKiller.2.7.40.0_20.06.2012_23.52.00_log.txt
    [2011.07.19 03:53:29 | 000,003,180 | ---- | M] () -- C:\z_prof_log.txt

    < %systemroot%\Fonts\*.com >
    [2009.07.14 08:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009.07.14 08:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009.07.14 08:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009.07.14 08:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009.06.10 23:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009.07.14 07:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011.04.06 16:05:51 | 000,000,221 | -HS- | M] () -- C:\Users\Ioana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012.06.21 04:33:51 | 004,563,905 | R--- | M] (Swearware) -- C:\Users\Ioana\Desktop\ComboFix.exe
    [2012.06.21 06:54:58 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Ioana\Desktop\OTL.exe
    [2012.06.21 05:42:53 | 000,165,376 | ---- | M] () -- C:\Users\Ioana\Desktop\SystemLook_x64.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012.06.21 06:09:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012.06.03 03:13:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2313506185-3105949007-605300772-1000Core.job
    [2012.06.21 06:13:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2313506185-3105949007-605300772-1000UA.job
    [2012.06.21 05:12:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012.06.21 02:28:56 | 000,032,592 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >
    [2011.04.12 10:27:28 | 048,536,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Ioana\AdbeRdr1001_en_US.exe

    < %systemroot%\ADDINS\*.* >
    [2009.06.11 00:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011.04.11 12:53:26 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011.04.11 12:53:26 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2011.04.11 12:53:26 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2011.04.11 12:53:26 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011.04.11 12:53:26 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
    [2011.04.11 12:53:26 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011.04.06 22:51:32 | 000,000,402 | -HS- | M] () -- C:\Users\Ioana\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:943971F5
    @Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:EE198B1F
    @Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:4A8EB1C4
    @Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:1A15E356
    @Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:87A3A233
    @Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:18DEBC51
    @Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:14B2E0BD
    @Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:2D133896
    @Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:58E38390
    @Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:6EE8565A
    @Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:B4258C5D
    @Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:1604D047
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C2F24DB5
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:AA0017FD
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:85AA7074
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5520ED93
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:F5D01D7C
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2AE74FF9
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:ED2D63E4
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:A6F30843
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:5311B0B8
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:B0456F0C
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:012BC84F
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:6A0A47E7
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:474022C7
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:26499772
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2652902F
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D026A5A4
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:1B389835
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:3E200C29
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:02CC0035
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

    < End of report >
  11. Ioana

    Ioana Newcomer, in training Topic Starter Posts: 40

    extras.txt

    OTL Extras logfile created on: 21.06.2012 06:57:49 - Run 1
    OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Ioana\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

    3,93 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 45,37% Memory free
    7,87 Gb Paging File | 5,55 Gb Available in Paging File | 70,59% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 100,00 Gb Total Space | 45,30 Gb Free Space | 45,30% Space Free | Partition Type: NTFS
    Drive D: | 148,83 Gb Total Space | 125,62 Gb Free Space | 84,41% Space Free | Partition Type: NTFS
    Drive E: | 216,83 Gb Total Space | 98,99 Gb Free Space | 45,65% Space Free | Partition Type: NTFS

    Computer Name: IOANA-PC | User Name: Ioana | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2313506185-3105949007-605300772-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "UpdatesDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0CC1C101-88E7-4725-938F-54A98E571597}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{606BDE76-4102-4FED-8DC9-30A27CEB7F68}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{86BA783C-6820-4FB7-8C86-FAB9F3EF0FF5}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{F845F8EF-A4D7-4FF0-A616-DF033F6FB4DE}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0B591597-EE32-F353-ECAA-FB4F58474691}" = ATI AVIVO64 Codecs
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
    "{1C89932F-1D9D-4776-AD7A-9156FF792539}" = Modem Diagnostics Tool
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4F113377-0BA1-4552-9ABB-9BF220FAF132}" = SolidWorks 2011 x64 Edition SP0
    "{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
    "{5783F2D7-8001-0409-0102-0060B0CE6BBA}" = AutoCAD 2010 - English
    "{5783F2D7-8001-0409-1102-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English
    "{5ECFC170-8934-4D31-8374-0837288D6AE3}" = SolidWorks eDrawings 2011 x64 Edition SP0
    "{5F590D74-AA75-410F-A778-3CDFCE12DCD4}" = SolidWorks Explorer 2011 SP0 x64 Edition
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
    "{8F59A8AC-1D7B-8578-38F7-8F5166FA8580}" = ccc-utility64
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
    "{B9C64DC8-721C-469B-A6C0-07A60BAFC02B}" = ESET Smart Security
    "{EF5745D9-C0A7-4D40-2900-AD093F232827}" = ATI Catalyst Install Manager
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "Airytec Switch Off" = Airytec Switch Off
    "AutoCAD 2010 - English" = AutoCAD 2010 - English
    "Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
    "Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
    "WinRAR archiver" = WinRAR 4.01 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1B2BDFB3-3786-A62F-F498-83F9EE3FBD0F}" = CCC Help Japanese
    "{1C00A3F1-6DA0-49F8-94E4-01AB6FC01033}" = Nero 7 Essentials
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20068980-5702-5CA7-F335-6592852F7F59}" = CCC Help Italian
    "{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager
    "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
    "{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.04
    "{3D6F16CA-13B8-6425-A71A-B91DB3E14F51}" = CCC Help Danish
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4DE43CB4-9FB5-82E1-780C-9D38E2F1391E}" = CCC Help Dutch
    "{5030C973-F5BA-4432-860C-A3DA77BFEB05}" = Qualcomm Gobi 2000 Package for Dell
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{597BBBD5-8A69-CF88-2DE3-67194CE5C071}" = Catalyst Control Center Graphics Previews Common
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7677040A-E5AA-998C-8810-59F0B5D3E0A8}" = Catalyst Control Center InstallProxy
    "{7CC90569-A7DB-5EA0-A9FE-0C5799A28B11}" = CCC Help Chinese Traditional
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
    "{8DEB7DD7-FC6D-76C6-712D-40968A736963}" = CCC Help Swedish
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
    "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{92531F24-21E5-C8EC-30E6-D56536FD61C7}" = CCC Help Finnish
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BC422FB-175A-0191-C141-B8B453DAF06E}" = Catalyst Control Center Graphics Previews Vista
    "{9D583F01-A973-4B04-90BD-FB7886779090}" = Dell Wireless HSPA Mini-Card Drivers
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A1C21906-351B-685E-7263-A4C30DF381E0}" = CCC Help German
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AB6EE148-B13E-C19D-2732-CD0EB23C39B8}" = CCC Help Portuguese
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
    "{BE6A55A2-C71F-57DD-E498-7B8F317C0E15}" = ccc-core-static
    "{D11D2A79-78FA-EA15-CC16-8F24817EAED2}" = CCC Help Korean
    "{D165A6B1-6985-072E-969E-333D759D6777}" = CCC Help Spanish
    "{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
    "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
    "{DF28B648-9636-5DE8-A072-54A5323B0CDA}" = CCC Help Norwegian
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E8DEB138-8DAC-EB25-87CE-D38A2C1C35CE}" = CCC Help French
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F393B7C2-136F-2956-30A3-1099C8394B51}" = CCC Help Chinese Standard
    "{F6F4AF75-109A-638B-80D5-87283B00CD5E}" = Catalyst Control Center Localization All
    "{FB46EFDE-44F4-83F1-3044-68F5E95E3D4E}" = CCC Help English
    "{FBCCCFB0-D89D-C91F-B9B1-8AB1760C1DD0}" = CCC Help Russian
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "BSPlayerf" = BS.Player FREE
    "Canon MP250 series User Registration" = Canon MP250 series User Registration
    "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    "CanonMyPrinter" = Canon Utilities My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ESET Online Scanner" = ESET Online Scanner v3
    "Exceed" = Exceed for Windows NT
    "FreeOnlineRadioPlayerRecorder Toolbar" = FreeOnlineRadioPlayerRecorder Toolbar
    "Haunted Hotel 4 - Charles Dexter Ward Collector's EditionFinal" = Haunted Hotel 4 - Charles Dexter Ward Collector's Edition
    "HP-MPI_is1" = HP-MPI 2.0
    "iLivid" = iLivid
    "Mahjongg Dimensions Deluxe 2 - Tiles in Time1.0" = Mahjongg Dimensions Deluxe 2 - Tiles in Time
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Mendeley Desktop" = Mendeley Desktop 1.3.1
    "Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
    "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
    "Music Editor Free" = Music Editor Free
    "SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.1 for Windows
    "SolidWorks Installation Manager 20110-40000-1100-100" = SolidWorks 2011 x64 Edition SP0
    "SopCast" = SopCast 3.4.0
    "Syberia 1 1.00" = Syberia 1 1.00
    "Totalcmd" = Total Commander (Remove or Repair)
    "uTorrent" = µTorrent
    "Winamp" = Winamp
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2313506185-3105949007-605300772-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "bd4d3a0508d364f5" = Dell Driver Download Manager
    "Google Chrome" = Google Chrome
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 09.04.2012 08:23:00 | Computer Name = Ioana-PC | Source = PerfNet | ID = 2006
    Description =

    Error - 09.04.2012 08:31:00 | Computer Name = Ioana-PC | Source = PerfNet | ID = 2006
    Description =

    Error - 09.04.2012 08:39:00 | Computer Name = Ioana-PC | Source = PerfNet | ID = 2006
    Description =

    Error - 09.04.2012 08:47:00 | Computer Name = Ioana-PC | Source = PerfNet | ID = 2006
    Description =

    Error - 09.04.2012 08:55:00 | Computer Name = Ioana-PC | Source = PerfNet | ID = 2006
    Description =

    Error - 09.04.2012 09:03:00 | Computer Name = Ioana-PC | Source = PerfNet | ID = 2006
    Description =

    Error - 10.04.2012 03:59:03 | Computer Name = Ioana-PC | Source = Application Hang | ID = 1002
    Description = The program acad.exe version 24.0.55.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: 17dc Start Time:
    01cd16efb459a8d8 Termination Time: 37 Application Path: C:\Program Files\AutoCAD
    2010\acad.exe Report Id: 06813143-82e3-11e1-8a35-f04da24aed35

    Error - 10.04.2012 05:52:21 | Computer Name = Ioana-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
    online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

    Error - 13.04.2012 16:09:01 | Computer Name = Ioana-PC | Source = LMS | ID = 2
    Description = The service process could not connect to the service controller.

    Error - 14.04.2012 16:56:31 | Computer Name = Ioana-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
    online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

    [ Broadcom Wireless LAN Events ]
    Error - 30.04.2012 14:53:48 | Computer Name = Ioana-PC | Source = WLAN-Tray | ID = 0
    Description = 21:53:48, Mon, Apr 30, 12 Error - Unable to gain access to user store


    Error - 03.06.2012 14:48:10 | Computer Name = Ioana-PC | Source = WLAN-Tray | ID = 0
    Description = 21:48:09, Sun, Jun 03, 12 Error - Unable to gain access to user store


    [ OSession Events ]
    Error - 30.11.2011 20:22:09 | Computer Name = Ioana-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11083
    seconds with 4320 seconds of active time. This session ended with a crash.

    Error - 01.12.2011 09:42:56 | Computer Name = Ioana-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10560
    seconds with 4800 seconds of active time. This session ended with a crash.

    Error - 02.12.2011 05:55:57 | Computer Name = Ioana-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8894
    seconds with 1440 seconds of active time. This session ended with a crash.

    Error - 16.12.2011 06:39:49 | Computer Name = Ioana-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3416
    seconds with 1020 seconds of active time. This session ended with a crash.

    Error - 16.12.2011 06:45:26 | Computer Name = Ioana-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 250
    seconds with 240 seconds of active time. This session ended with a crash.

    Error - 16.12.2011 06:55:24 | Computer Name = Ioana-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 524
    seconds with 360 seconds of active time. This session ended with a crash.

    Error - 18.12.2011 06:25:00 | Computer Name = Ioana-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2205
    seconds with 780 seconds of active time. This session ended with a crash.

    Error - 17.01.2012 19:07:34 | Computer Name = Ioana-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2493
    seconds with 2400 seconds of active time. This session ended with a crash.

    Error - 18.01.2012 04:25:41 | Computer Name = Ioana-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 263
    seconds with 240 seconds of active time. This session ended with a crash.

    Error - 18.01.2012 04:31:00 | Computer Name = Ioana-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 276
    seconds with 240 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 20.06.2012 22:12:08 | Computer Name = Ioana-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1058

    Error - 20.06.2012 22:12:15 | Computer Name = Ioana-PC | Source = SNMP | ID = 16713180
    Description = The SNMP Service encountered an error while accessing the registry
    key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

    Error - 20.06.2012 22:12:15 | Computer Name = Ioana-PC | Source = Service Control Manager | ID = 7001
    Description = The Internet Connection Sharing (ICS) service depends on the Remote
    Access Connection Manager service which failed to start because of the following
    error: %%1058

    Error - 20.06.2012 22:12:16 | Computer Name = Ioana-PC | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 20.06.2012 22:12:37 | Computer Name = Ioana-PC | Source = Service Control Manager | ID = 7034
    Description = The HP-MPI Remote Launch service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 20.06.2012 22:14:27 | Computer Name = Ioana-PC | Source = Service Control Manager | ID = 7000
    Description = The MBAMService service failed to start due to the following error:
    %%2

    Error - 20.06.2012 22:57:58 | Computer Name = Ioana-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 20.06.2012 23:00:08 | Computer Name = Ioana-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 20.06.2012 23:00:08 | Computer Name = Ioana-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 20.06.2012 23:00:40 | Computer Name = Ioana-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.


    < End of report >
     
  12. Ioana

    Ioana Newcomer, in training Topic Starter Posts: 40

    since 6:18 eset hasn't reported anything anymore. I hope it will remain this way .

    looking forward to hear from you . thank you
  13. Broni

    Broni Malware Annihilator Posts: 46,173   +251

    Good news :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      @Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:943971F5
      @Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:EE198B1F
      @Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:4A8EB1C4
      @Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:1A15E356
      @Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:87A3A233
      @Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:18DEBC51
      @Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:14B2E0BD
      @Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:2D133896
      @Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:58E38390
      @Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:6EE8565A
      @Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:B4258C5D
      @Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:1604D047
      @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C2F24DB5
      @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:AA0017FD
      @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:85AA7074
      @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5520ED93
      @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:F5D01D7C
      @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2AE74FF9
      @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:ED2D63E4
      @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:A6F30843
      @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:5311B0B8
      @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:B0456F0C
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:012BC84F
      @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:6A0A47E7
      @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:474022C7
      @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:26499772
      @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2652902F
      @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D026A5A4
      @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:1B389835
      @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:3E200C29
      @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:02CC0035
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please, run F-Secure Online Scanner

    • Disable your Antivirus program.
    • Checkmark I have read and accepted the license terms.
    • Click on Run Check button.
    • Quick scan (recommended) option will come pre-checked. Don't change it.
    • Click on Start button.
    • When scan is done, in Step 3: Clean the files, leave all settings as they're.
    • Click Next button.
    • Click Full report... button.
    • Copy report's content and paste it into your next reply.
  14. Ioana

    Ioana Newcomer, in training Topic Starter Posts: 40

    Thanks for reply, unfortunatlly I had to go to work and I can't download anything from here. tonight when I'll arrive home I'll get right to work
  15. Ioana

    Ioana Newcomer, in training Topic Starter Posts: 40

    I've done the scanning with OTL; here is the log:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    ADS C:\ProgramData\TEMP:943971F5 deleted successfully.
    ADS C:\ProgramData\TEMP:EE198B1F deleted successfully.
    ADS C:\ProgramData\TEMP:4A8EB1C4 deleted successfully.
    ADS C:\ProgramData\TEMP:1A15E356 deleted successfully.
    ADS C:\ProgramData\TEMP:87A3A233 deleted successfully.
    ADS C:\ProgramData\TEMP:18DEBC51 deleted successfully.
    ADS C:\ProgramData\TEMP:14B2E0BD deleted successfully.
    ADS C:\ProgramData\TEMP:2D133896 deleted successfully.
    ADS C:\ProgramData\TEMP:58E38390 deleted successfully.
    ADS C:\ProgramData\TEMP:6EE8565A deleted successfully.
    ADS C:\ProgramData\TEMP:B4258C5D deleted successfully.
    ADS C:\ProgramData\TEMP:1604D047 deleted successfully.
    ADS C:\ProgramData\TEMP:C2F24DB5 deleted successfully.
    ADS C:\ProgramData\TEMP:AA0017FD deleted successfully.
    ADS C:\ProgramData\TEMP:85AA7074 deleted successfully.
    ADS C:\ProgramData\TEMP:5520ED93 deleted successfully.
    ADS C:\ProgramData\TEMP:F5D01D7C deleted successfully.
    ADS C:\ProgramData\TEMP:2AE74FF9 deleted successfully.
    ADS C:\ProgramData\TEMP:ED2D63E4 deleted successfully.
    ADS C:\ProgramData\TEMP:A6F30843 deleted successfully.
    ADS C:\ProgramData\TEMP:5311B0B8 deleted successfully.
    ADS C:\ProgramData\TEMP:B0456F0C deleted successfully.
    ADS C:\ProgramData\TEMP:012BC84F deleted successfully.
    ADS C:\ProgramData\TEMP:6A0A47E7 deleted successfully.
    ADS C:\ProgramData\TEMP:474022C7 deleted successfully.
    ADS C:\ProgramData\TEMP:26499772 deleted successfully.
    ADS C:\ProgramData\TEMP:2652902F deleted successfully.
    ADS C:\ProgramData\TEMP:D026A5A4 deleted successfully.
    ADS C:\ProgramData\TEMP:1B389835 deleted successfully.
    ADS C:\ProgramData\TEMP:3E200C29 deleted successfully.
    ADS C:\ProgramData\TEMP:02CC0035 deleted successfully.
    ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]


    For the rest I'll just have to wait to get home
  16. Ioana

    Ioana Newcomer, in training Topic Starter Posts: 40

    Another thing: when I started the laptot, eset smart returned a message that sounds like this:

    Name: C:\Qoobox\Quarantine\CWindows\assembly\GAC_64\Desktop.ini.vir
    Threat: Win64/Sirefef.AD trojan
    Action: impossible to clean
    User: NT AUTHORITY\LOCAL SERVICE


    But this was before the OTL log that I sent just now.
  17. Ioana

    Ioana Newcomer, in training Topic Starter Posts: 40

    I might be able to to this from work :)

    This is the log from security check:

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is disabled!)
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ESET Online Scanner v3
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 26
    Out of date Java installed!
    Adobe Reader X (10.1.3)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````
  18. Ioana

    Ioana Newcomer, in training Topic Starter Posts: 40

    Log for Farbar Service Scanner:

    Farbar Service Scanner Version: 19-06-2012 01
    Ran by Ioana (administrator) on 21-06-2012 at 11:12:28
    Running from "C:\Users\Ioana\Downloads"
    Microsoft Windows 7 Ultimate (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error: Google IP is offline
    Attempt to access Google.com returned error: Google.com is offline
    Attempt to access Yahoo IP returned error: Yahoo IP is offline
    Attempt to access Yahoo.com returned error: Yahoo.com is offline


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2009-07-14 02:25] - [2009-07-14 04:45] - 1898576 ____A (Microsoft Corporation) 912107716BAB424C7870E8E6AF5E07E1

    C:\Windows\System32\dnsrslvr.dll
    [2009-07-14 02:21] - [2009-07-14 04:40] - 0182272 ____A (Microsoft Corporation) 676108C4E3AA6F6B34633748BD0BEBD9

    C:\Windows\System32\mpssvc.dll
    [2009-07-14 03:09] - [2009-07-14 04:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll
    [2009-07-14 02:36] - [2009-07-14 04:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll
    [2009-07-14 03:36] - [2009-07-14 04:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  19. Ioana

    Ioana Newcomer, in training Topic Starter Posts: 40

    yep, just as I thought, I can't do the online scanner cause it doesn't download the files it needs.
  20. Ioana

    Ioana Newcomer, in training Topic Starter Posts: 40

    hello again, I ran the f-secure online scanner and this is the report:

    Scanning Report

    Friday, June 22, 2012 00:55:44 - 01:03:12

    Computer name: IOANA-PC
    Scanning type: Quick scan
    Target: System


    12 malware found

    TrackingCookie.Questionmarket (spyware)
    • System (Disinfected)
    TrackingCookie.Adinterax (spyware)
    • System (Disinfected)
    TrackingCookie.2o7 (spyware)
    • System (Disinfected)
    TrackingCookie.Advertising (spyware)
    • System (Disinfected)
    TrackingCookie.Atdmt (spyware)
    • System (Disinfected)
    Trojan.Generic.7511814 (spyware)
    • System (Disinfected)
    TrackingCookie.Doubleclick (spyware)
    • System (Disinfected)
    TrackingCookie.Adbrite (spyware)
    • System (Disinfected)
    TrackingCookie.Webtrends (spyware)
    • System (Disinfected)
    TrackingCookie.Statcounter (spyware)
    • System (Disinfected)
    TrackingCookie.Atwola (spyware)
    • System (Disinfected)
    TrackingCookie.Yieldmanager (spyware)
    • System (Disinfected)

    Statistics

    Scanned:
    • Files: 6330
    • System: 6330
    • Not scanned: 0
    Actions:
    • Disinfected: 12
    • Renamed: 0
    • Deleted: 0
    • Not cleaned: 0
    • Submitted: 0

    Options

    Scanning engines:
  21. Ioana

    Ioana Newcomer, in training Topic Starter Posts: 40

    hope to hear from you soon and thank you very very much for your patience
  22. Broni

    Broni Malware Annihilator Posts: 46,173   +251

    That file is already in Combofix quarantine folder so there is nothing to worry about. You can either allow Eset ot fix it or it'll be removed when we uninstall Combofix.

    ===============================================

    Now I can see some issues with Windows Update and Action Center so we'll have to attempt to fix it.

    Download Windows Repair (all in one) from this site

    Install the program then run

    Go to step 2 and allow it to run Disc check

    [​IMG]



    Once that is done then go to step 3 and allow it to run SFC

    [​IMG]


    On the the Start Repairs tab. Click the Advanced Mode and click Start

    [​IMG]


    Please ensure that items seen in the image below are ticked as well as the Repair MSI (Windows Installer) & Set Windows Services to Default Setup.

    Click on box next to the Restart System when Finished. Then click on Start

    [​IMG]

    Then post new FSS log.
  23. Ioana

    Ioana Newcomer, in training Topic Starter Posts: 40

    First of all, let me thank you for your interest in my laptop's well being:D
    An second I have a problem with the windows repair. when I get to Start Repairs mine looks like this: problem.png

    I've tried 2 times, made all the steps and still this. maybe I can find the variant you're using by browsing some torrents...don't know what to say
  24. Broni

    Broni Malware Annihilator Posts: 46,173   +251

    Click on "Start" and see what happens.
  25. Ioana

    Ioana Newcomer, in training Topic Starter Posts: 40

    the Info on the right is not the same with what you showed me "set windows service to default startup"

    Untitled.png


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.